Merge pull request #275 from HotCakeX/Harden-Windows-Security-Module-…

…v0.4.5 Harden Windows Security Module v.0.4.5
HotCakeX · Jun 14, 2024 · 45419f5 · 45419f5
2 parents 5dcc5a6 + f7f1a70
commit 45419f5
Show file tree

Hide file tree

Showing 8 changed files with 1,628 additions and 1,587 deletions.
diff --git a/Harden-Windows-Security Module/Main files/Core/Confirm-SystemCompliance.psm1 b/Harden-Windows-Security Module/Main files/Core/Confirm-SystemCompliance.psm1
diff --git a/Harden-Windows-Security Module/Main files/Core/Protect-WindowsSecurity.psm1 b/Harden-Windows-Security Module/Main files/Core/Protect-WindowsSecurity.psm1
diff --git a/Harden-Windows-Security Module/Main files/Core/Unprotect-WindowsSecurity.psm1 b/Harden-Windows-Security Module/Main files/Core/Unprotect-WindowsSecurity.psm1
@@ -140,7 +140,7 @@ Function Unprotect-WindowsSecurity {
                         Write-Verbose -Message 'Removing the country IP blocking firewall rules only'
                         Remove-NetFirewallRule -DisplayName 'OFAC Sanctioned Countries IP range blocking' -PolicyStore localhost -ErrorAction SilentlyContinue
                         Remove-NetFirewallRule -DisplayName 'State Sponsors of Terrorism IP range blocking' -PolicyStore localhost -ErrorAction SilentlyContinue
-                        Start-Process -FilePath gpupdate.exe -ArgumentList '/force' -NoNewWindow | Out-Null
+                        Start-Process -FilePath GPUpdate.exe -ArgumentList '/force' -NoNewWindow
                         break
                     }
                     $OnlyDownloadsDefenseMeasures {
@@ -158,7 +158,7 @@ Function Unprotect-WindowsSecurity {
 
                         # Create the working directory
                         Write-Verbose -Message "Creating a working directory at $CurrentUserTempDirectoryPath\HardeningXStuff\"
-                        New-Item -ItemType Directory -Path "$CurrentUserTempDirectoryPath\HardeningXStuff\" -Force | Out-Null
+                        $null = New-Item -ItemType Directory -Path "$CurrentUserTempDirectoryPath\HardeningXStuff\" -Force
 
                         # working directory assignment
                         [System.IO.DirectoryInfo]$WorkingDir = "$CurrentUserTempDirectoryPath\HardeningXStuff\"
@@ -210,7 +210,7 @@ Function Unprotect-WindowsSecurity {
                         Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings' -Name 'RestartNotificationsAllowed2' -Value '0' -Type DWord
 
                         # Re-enables the XblGameSave Standby Task that gets disabled by Microsoft Security Baselines
-                        SCHTASKS.EXE /Change /TN \Microsoft\XblGameSave\XblGameSaveTask /Enable | Out-Null
+                        $null = SCHTASKS.EXE /Change /TN \Microsoft\XblGameSave\XblGameSaveTask /Enable
 
                         $CurrentMainStep++
                         Write-Progress -Id 0 -Activity 'Restoring Microsoft Defender configs back to their default states' -Status "Step $CurrentMainStep/$TotalMainSteps" -PercentComplete ($CurrentMainStep / $TotalMainSteps * 100)
@@ -242,7 +242,7 @@ Function Unprotect-WindowsSecurity {
 
                         Write-Verbose -Message "Removing the scheduled task $taskName"
                         if (Get-ScheduledTask -TaskName $taskName -TaskPath $taskPath -ErrorAction SilentlyContinue) {
-                            Unregister-ScheduledTask -TaskName $taskName -TaskPath $taskPath -Confirm:$false | Out-Null
+                            [System.Void](Unregister-ScheduledTask -TaskName $taskName -TaskPath $taskPath -Confirm:$false)
                         }
 
                         # Enables Multicast DNS (mDNS) UDP-in Firewall Rules for all 3 Firewall profiles

diff --git a/Harden-Windows-Security Module/Main files/Harden-Windows-Security-Module.psd1 b/Harden-Windows-Security Module/Main files/Harden-Windows-Security-Module.psd1
@@ -4,7 +4,7 @@
   RootModule           = 'Harden-Windows-Security-Module.psm1'
 
   # Version number of this module.
-  ModuleVersion        = '0.4.4'
+  ModuleVersion        = '0.4.5'
 
   # Supported PSEditions
   CompatiblePSEditions = @('Core')
@@ -139,6 +139,8 @@ Harden Windows Safely, Securely, only with Official Microsoft methods
     'Resources\ProcessMitigations.csv',
     'Shared\Update-self.psm1',
     'Shared\Test-IsAdmin.psm1',
+    'Shared\IndividualResultClass.cs',
+    'Shared\SystemInfoNativeMethods.cs',
     'Resources\Media\Log.png',
     'Resources\Media\Path.png',
     'Resources\Media\start.png',

diff --git a/Harden-Windows-Security Module/Main files/Preloader.ps1 b/Harden-Windows-Security Module/Main files/Preloader.ps1
@@ -1,5 +1,6 @@
 # This file is automatically imported in the PowerShell session every time a cmdlet of this module is called, without requiring to manually use the Import-Module cmdlet
 # all the variables in here persist until PowerShell (session) is closed
+$global:ErrorActionPreference = 'Stop'
 
 if (!$IsWindows) {
     Throw [System.PlatformNotSupportedException] 'The Harden Windows Security module only runs on Windows operation systems.'

diff --git a/Harden-Windows-Security Module/Main files/Shared/IndividualResultClass.cs b/Harden-Windows-Security Module/Main files/Shared/IndividualResultClass.cs
@@ -0,0 +1,13 @@
+// Imported by Confirm-SystemCompliance cmdlet
+namespace HardeningModule
+{
+    public class IndividualResult
+    {
+        public string FriendlyName { get; set; }
+        public string Compliant { get; set; }
+        public string Value { get; set; }
+        public string Name { get; set; }
+        public string Category { get; set; }
+        public string Method { get; set; }
+    }
+}
diff --git a/Harden-Windows-Security Module/Main files/Shared/SystemInfoNativeMethods.cs b/Harden-Windows-Security Module/Main files/Shared/SystemInfoNativeMethods.cs
@@ -0,0 +1,45 @@
+// bootDMAProtection check - checks for Kernel DMA Protection status in System information or msinfo32
+using System;
+using System.Runtime.InteropServices;
+
+namespace SystemInfo
+{
+  public static class NativeMethods
+  {
+    internal enum SYSTEM_DMA_GUARD_POLICY_INFORMATION : int
+    {
+      SystemDmaGuardPolicyInformation = 202
+    }
+
+    [DllImport("ntdll.dll")]
+    internal static extern Int32 NtQuerySystemInformation(
+        SYSTEM_DMA_GUARD_POLICY_INFORMATION SystemDmaGuardPolicyInformation,
+        IntPtr SystemInformation,
+        Int32 SystemInformationLength,
+        out Int32 ReturnLength);
+
+    public static byte BootDmaCheck()
+    {
+      Int32 result;
+      Int32 SystemInformationLength = 1;
+      IntPtr SystemInformation = Marshal.AllocHGlobal(SystemInformationLength);
+      Int32 ReturnLength;
+
+      result = NativeMethods.NtQuerySystemInformation(
+          NativeMethods.SYSTEM_DMA_GUARD_POLICY_INFORMATION.SystemDmaGuardPolicyInformation,
+          SystemInformation,
+          SystemInformationLength,
+          out ReturnLength);
+
+      if (result == 0)
+      {
+        byte info = Marshal.ReadByte(SystemInformation, 0);
+        Marshal.FreeHGlobal(SystemInformation); // free the allocated memory
+        return info;
+      }
+
+      Marshal.FreeHGlobal(SystemInformation); // free the allocated memory
+      return 0;
+    }
+  }
+}
diff --git a/Harden-Windows-Security Module/version.txt b/Harden-Windows-Security Module/version.txt
@@ -1 +1 @@
-0.4.4
+0.4.5